@lalitkale
Last active February 22, 2021 15:48
ECS Roles

ECS Role Types

Host Role

When running ECS on EC2, the EC2 instances hosting the containers need a role. This role gives them permission to, among other things, pull images from ECR, manage tasks in the ECS API, and put logs into CloudWatch.

Task Execution Role

When running in Fargate, there are no EC2 instances hosting your containers, so these permissions have to go somewhere. This is called a Task Execution Role. It gives the Fargate service the same permissions the EC2 instance would need. This role is not required when running tasks on EC2-backed ECS.

ECS Service-Linked Role

This is a role used by the ECS service itself to perform functions such as managing load balancer configuration, doing service discovery, as well as attaching network interfaces when using the awsvpc network mode. There is only one of these per account.

ECS Task Role (or Container Role)

Not to be confused with the Task Execution Role, the Task Role is used when code running inside the container needs access to AWS resources. This is equivalent to the instance profile if the code were running directly on an EC2 instance.
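
The role mix-ups described above can be checked mechanically from a task definition and the trust policies of the roles it names. The following is an added example, not part of the original gist: the function names, finding labels, account ID and role names are hypothetical, while `taskRoleArn`, `executionRoleArn`, `requiresCompatibilities` and the service principals are the real AWS field names and values.

```python
# Added example: hypothetical function and finding names, constructed sample data.
# AWS service principals: ec2.amazonaws.com assumes the host role;
# ecs-tasks.amazonaws.com assumes the task execution role and the task role.

def trusted_services(trust_policy):
    """Return the service principals a role's trust policy allows."""
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    services = set()
    for stmt in statements:
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        svc = principal.get("Service", [])
        services.update([svc] if isinstance(svc, str) else svc)
    return services

def audit_task_definition(task_def, trust_policies):
    """Flag role mix-ups in one task definition; trust_policies maps ARN -> policy."""
    findings = []
    task_role = task_def.get("taskRoleArn")
    exec_role = task_def.get("executionRoleArn")
    # On Fargate there is no host role, so pulls and logging need an execution role.
    if "FARGATE" in task_def.get("requiresCompatibilities", []) and not exec_role:
        findings.append("fargate-task-without-execution-role")
    # One role for both jobs hands platform permissions to application code.
    if task_role and task_role == exec_role:
        findings.append("task-role-same-as-execution-role")
    for arn in filter(None, {task_role, exec_role}):
        services = trusted_services(trust_policies.get(arn, {}))
        if "ecs-tasks.amazonaws.com" not in services:
            findings.append(f"not-assumable-by-ecs-tasks:{arn}")
        if "ec2.amazonaws.com" in services:
            findings.append(f"host-role-reused-in-task:{arn}")
    return sorted(findings)

# Constructed sample input (account ID and role names are placeholders).
HOST = "arn:aws:iam::111122223333:role/example-ecs-host"
APP = "arn:aws:iam::111122223333:role/example-app-task"
def _trust(service):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": service}, "Action": "sts:AssumeRole"}]}
SAMPLE_TRUST = {HOST: _trust("ec2.amazonaws.com"), APP: _trust("ecs-tasks.amazonaws.com")}
SAMPLE_TASKS = {
    "good": {"requiresCompatibilities": ["EC2"], "taskRoleArn": APP},
    "bad": {"requiresCompatibilities": ["FARGATE"], "taskRoleArn": HOST},
}

if __name__ == "__main__":
    for name, task in SAMPLE_TASKS.items():
        print(name, audit_task_definition(task, SAMPLE_TRUST))
```

In practice the task definition would come from `aws ecs describe-task-definition` and each trust policy from `aws iam get-role`, saved as JSON and loaded into the two arguments.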